1. Field of the Invention
This invention relates to a remote maintenance and remote operation system in which a servicing device connected to an intracompany network of a service providing company performs maintenance and management on a device connected to a user-side network over an open external network, such as the Internet, through remote operation, and more specifically to a remote maintenance and remote operation system for use with network systems each of which is equipped with a firewall for the other.
2. Description of the Related Art
Nowadays a system is being practiced actively which performs maintenance and management on users' devices through remote operation over networks in order to save expenses and time for business trips.
Also, an attempt is being made to adopt a system which employs the Internet as a network for remote operation. The Internet is the worldwide network which permits free communications with unspecified persons around the world. Thus, the employment of the Internet will permit global remote maintenance service.
Incidentally, the Internet has a problem of security because it is an open network. In particular, if an intracompany network of a company is connected to the Internet so that all of the host computers connected to that network are made accessible by outsiders over the Internet, then the company will be exposed to dangers that important internal information which must be kept confidential may be stolen, the system may be crashed, data may be altered, and the like.
For this reason, a "firewall" has come to be provided between the Internet and an intracompany network recently. The firewall is a facility for protecting the intracompany network from hackers. In general, firewalls are roughly classified into packet filtering gateways, circuit gateways, and application gateways.
FIG. 1 is a schematic illustration of a firewall that is equipped with the above-described packet filtering gateway feature and installed between an external network (Internet) 1 and an internal network (intracompany network) 2. In this figure there are illustrated IP address filtering and TCP port filtering by way of example.
Communications are made over the Internet on the basis of the TCP/IP protocol, and IP datagram (IP packet) routing within the Internet is controlled on a bucket brigade (hop-by-hop) basis. The IP datagram contains an IP header and a TCP header in its header.
The IP header contains an IP destination address (receiving IP address in the figure) and an IP source address (transmitting IP address in the figure). The IP address comprises a network address and a host address.
The TCP header contains a receiving port number and a transmitting port number. The port numbers have a one-to-one correspondence with processes and are utilized for interprocess communications over the Internet. A firewall 3 is provided with an IP address table 32 and a port number table 34. Into the IP address table 32 is entered a set of IP addresses that is acceptable to the internal network 2. Also, into the port number table 34 is entered a set of port numbers that is acceptable to the internal network 2.
In the IP address filtering, when a packet is received, a reference is made to the IP address table 32. If a transmitting IP address that has not been entered into that table is placed in the IP header of that packet (IP datagram), the IP datagram is rejected. Also, in the TCP port filtering, a reference is made to the port number table 34 when an IP datagram (packet) is received. If a port number that has not been stored in the port number table 34 is placed in the TCP header of that IP datagram, it is rejected. In this way, specific applications, such as Telnet, FTP and the like, can be filtered.
FIG. 2 is a diagram for use in explanation of a second feature of the firewall 3.
The firewall 3 is provided with a feature of mediating access between hosts on the external network 1 (e.g., the Internet) and hosts within the internal network 2, so that the external hosts are not allowed to make direct access to the hosts within the internal network 2. In other words, access by hosts within the internal network 2 to the external network is to be made through the firewall 3 all the time.
In the example shown in FIG. 2, an IP address of "E" is set up on the firewall 3. Also, "A", "B", "C" and "D" are set up on hosts A, B, C and D in the internal network 2 as their respective IP addresses. In such a system, for example, when the host B wants to transmit an IP datagram 12 to some host (external host) on the external network 1, the host B transmits the datagram 12 to the firewall 3, not to the external host directly. Since the IP address set up on the host B is "B" as described above, the transmitting IP address of the IP datagram 12 is "B". Upon receipt of the IP datagram 12, the firewall 3 translates the original transmitting IP address "B" to its own IP address "E" for subsequent transmission over the external network 1.
Thus, if only the IP address of the firewall 3 is made open to the external network 1, the existence of the internal network will be kept from the external network. The feature is also called the IP relay feature.
By installing the firewall 3 equipped with such a packet filtering gateway feature as described above between the internal network 2 and the external network 1, improper IP datagrams that are going to enter the internal network 2 directly from the external network 1 can be blocked almost completely.
FIG. 3 shows a system in which internal networks 2A, 2B, 2C and 2D of respective A, B, C and D companies are connected with a commercial network 5. In this system, each of the A, B, C and D companies installs a respective one of firewalls 3A, 3B, 3C and 3D between its own internal network 2A, 2B, 2C or 2D and the commercial internet 5 in order to protect its internal network from unauthorized access via the commercial network 5.
Next, problems with such a system as shown in FIG. 3 will be described with reference to FIG. 4.
In FIG. 4, the A company is a company which provides maintenance and management services for pieces of software and hardware within a network that its client manages. Suppose that the client is the D company and the A company considers performing maintenance and management services for a serviced device 7 connected to the D company's network 2D using a servicing device 6 connected to its own network by means of remote operation over the commercial internet 5.
In this case, when the IP address of the A company's firewall 3A has not been entered into the IP address table 32 in the D company's firewall 3D, even if the servicing device 6 transmits a packet for remote operation to the serviced device 7 of the D company, that packet is rejected by the firewall 3D and cannot enter the D company's internal network 2D. Thus, the A company cannot provide maintenance and management services for the serviced device of the D company.
If, on the other hand, the IP address of the A company's firewall 3A is entered into the IP address table 32 of the D company's firewall 3D, then the A company's servicing device 6 will be able to perform maintenance and management on the D company's serviced device 7 by remote operation. However, this will result in a problem of security. That is, in this case, since any host connected to the A company's internal network 2A, even if it is a host other than the servicing device 6, can enter the D company's internal network, the possibility exists that the internal network 2D system of the D company may be destroyed and important information may be stolen. The reason is that the D company's firewall 3D cannot identify the source of packets sent from the A company's firewall 3A over the commercial internet 5: after the IP relay feature has replaced the original transmitting address, every packet from network 2A carries the same transmitting IP address, that of the firewall 3A.
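The following Python model is an added illustration and is not part of the patent. It implements the two firewall features described with FIGS. 1 and 2 (IP address table 32 and port number table 34 filtering, and IP relay of the transmitting address) and then replays the FIG. 4 scenario: once firewall 3A's address is entered into firewall 3D's IP address table, a packet from any host in network 2A is indistinguishable from a packet from the servicing device 6, because both arrive bearing firewall 3A's address. All IP addresses, host names and port numbers are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable

# Well-known TCP ports used as sample values for the port number table.
TELNET, FTP = 23, 21


@dataclass(frozen=True)
class Datagram:
    """Header fields relevant to FIG. 1: IP source/destination and TCP ports."""
    src_ip: str    # transmitting IP address
    dst_ip: str    # receiving IP address
    src_port: int  # transmitting port number
    dst_port: int  # receiving port number


class Firewall:
    """Packet-filtering gateway (FIG. 1) with the IP relay feature (FIG. 2)."""

    def __init__(self, own_ip: str, allowed_ips: Iterable[str], allowed_ports: Iterable[int]):
        self.own_ip = own_ip                   # address "E" in FIG. 2
        self.ip_table = set(allowed_ips)       # IP address table 32
        self.port_table = set(allowed_ports)   # port number table 34

    def filter_inbound(self, pkt: Datagram) -> tuple[bool, str]:
        """Accept a packet only if both the source address and the port are in the tables."""
        if pkt.src_ip not in self.ip_table:
            return False, "rejected: transmitting IP address not in table 32"
        if pkt.dst_port not in self.port_table:
            return False, "rejected: receiving port not in table 34"
        return True, "accepted"

    def relay_outbound(self, pkt: Datagram) -> Datagram:
        """IP relay: the original transmitting address is replaced by the firewall's own address."""
        return Datagram(self.own_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port)


def remote_maintenance_scenario(trust_firewall_3a: bool) -> dict[str, str]:
    """FIG. 4: hosts in A company's network 2A send Telnet packets to serviced device 7 in 2D.

    Returns, per sender, the verdict of D company's firewall 3D.
    """
    # Constructed addresses: 3A and 3D on the commercial internet, hosts on private ranges.
    fw_3a = Firewall(own_ip="198.51.100.1", allowed_ips=[], allowed_ports=[])
    fw_3d = Firewall(
        own_ip="203.0.113.1",
        allowed_ips=["198.51.100.1"] if trust_firewall_3a else [],
        allowed_ports=[TELNET],
    )
    serviced_device_7 = "10.4.0.7"
    senders = {
        "servicing device 6": "10.1.0.6",   # the host that should be allowed
        "other host in 2A": "10.1.0.99",    # any other host behind firewall 3A
    }

    results: dict[str, str] = {}
    for name, ip in senders.items():
        pkt = Datagram(ip, serviced_device_7, 40000, TELNET)
        relayed = fw_3a.relay_outbound(pkt)        # now carries 3A's address as source
        _, reason = fw_3d.filter_inbound(relayed)  # 3D sees only 3A's address
        results[name] = reason
    return results


if __name__ == "__main__":
    for trusted in (False, True):
        print(f"3A entered in 3D's IP address table: {trusted}")
        for sender, verdict in remote_maintenance_scenario(trusted).items():
            print(f"  {sender:20s} -> {verdict}")
```

Running the script shows both senders rejected when firewall 3A is not in table 32, and both accepted when it is: the address table cannot express "servicing device 6 only" once the relay has collapsed every host in 2A onto a single address, which is exactly the problem the text describes.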
In the prior art, therefore, as shown schematically in FIG. 5, a direct point-to-point connection is made by a public line 8 or private line between the A company's servicing device 6 and the D company's serviced device 7 for maintenance and management service for the latter. With such an approach, however, it is required that both the A and D companies prepare communications devices 9A and 9B dedicated to the direct point-to-point connection therebetween and a servicing environment. Undesirably, this involves double investment by both companies, resulting in an increase in cost. In addition, in order to protect intracompany network security, it is necessary to carry out the troublesome work of disconnecting each of the servicing device 6 and the serviced device 7 from its associated intracompany network 2A, 2B at the start of service and connecting them again at the termination of service.